How to modify from Public (Open Membership) to Joinless with SSO?

First, if you are on 11, there really was no platform way to adequately to do this.  The only way was via an HttpModule or widget.  Custom HttpModules really were not supported as there is no way to gurantee they would be upgradeable.  Widgets are not really appopriate for doing this as they can create problems in general and are not a complete solution and can potentially break other Urls.

In the current versions of 12, opening or closing a community is acutally simple.   There is a View Website permission you simply remove from the Everyone role, and then your community requires login to view.  SSO, assuming it is using the SSO v3 framework introduced in 12.1, is not relevant and would work the same.  If you want to open it up again, you simply add the permission back to the Everyone role.

Making it "read-only"  requires you ensure that the Everyone role does not have permissions in any group or application to modify, create or delete content

First, if you are on 11, there really was no platform way to adequately to do this.  The only way was via an HttpModule or widget.  Custom HttpModules really were not supported as there is no way to gurantee they would be upgradeable.  Widgets are not really appopriate for doing this as they can create problems in general and are not a complete solution and can potentially break other Urls.

In the current versions of 12, opening or closing a community is acutally simple.   There is a View Website permission you simply remove from the Everyone role, and then your community requires login to view.  SSO, assuming it is using the SSO v3 framework introduced in 12.1, is not relevant and would work the same.  If you want to open it up again, you simply add the permission back to the Everyone role.

Making it "read-only"  requires you ensure that the Everyone role does not have permissions in any group or application to modify, create or delete content